Scan Frequency

Schedule recurring scans so FOSSA picks up newly disclosed vulnerabilities and license changes even when your code hasn't changed.

1 min readUpdated Jul 9, 2026

Overview

By default, FOSSA scans a project when new code is pushed. Scheduled scans run independently of commits, useful for surfacing newly disclosed CVEs, updated license data, or policy changes against your existing dependencies without waiting for the next code change.

Scan frequency is configured via update hooks. Settings live at Organization Settings > Projects > Update Hooks for org-wide defaults, and can be overridden per-project in Project Settings > Update Hooks.

  1. 1

    Enable update hooks

    Toggle Enable update hooks on. Scheduled scanning is off by default.

  2. 2

    Set the frequency

    Configure how often scans run:

    SettingOptions
    Update everyAny positive integer combined with Hour(s), Day(s), or Week(s)
    Update timeTime of day in 30-minute increments, only available when the interval unit is Day(s)

    The default is every 2 Days at 12:00 AM.

  3. 3

    Save and propagate

    Click Save. To apply the new defaults to existing projects, click Propagate.

What's next

  • Automatic Updates: Learn how FOSSA re-builds and re-scans projects on commit, schedule, or CI pipeline triggers.
  • Issue Scanners: Configure which types of issues trigger notifications and gate your CI/CD builds.
© 2026 FOSSA, Inc.support@fossa.com